l3d.acmetool

Acmetool LE Client

This guide explains how to install and set up the acmetool Let's Encrypt (LE) client.

It is recommended to use this along with the do1jlr.nginx Ansible role. However, this role can also work independently.

The do1jlr.nginx role adds a feature to enable HTTPS for Nginx sites and executes the acmetool want $domain command. You can also list the domains you want to enable in acme_domain_want_list: []. Ensure that acmetool can request the specified domains, and consider modifying the response-file.yml.j2 for proper configuration.

Variables

  • acme_notification_email: (Default: [email protected]): Your LE account email. You should change this to your actual email!

  • acme_reload_services: (Default: []): Services that require a reload when the certificate changes. (Some services are predefined in the files/reload file)

  • acme_restart_services: (Default: []): Services that need to restart when the certificate changes.

  • acme_domain_want_list: (Default: []): A list of domains you want to enable. For example:

    acme_domain_want_list:
      - name: 'www.example.com'
    
  • acme_domain_unwant_list: (Default: []): Disable an enabled domain, using the same format as acme_domain_want_list.

  • submodules_versioncheck: (Default: false): Enable a basic version check. (It is recommended to set this to true)
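
A playbook that sets the variables above together, as an added example that is not part of the role's own documentation. The host group `webservers`, the email address, the extra domains and the service names are constructed, and the plain list-of-service-names format for `acme_reload_services` and `acme_restart_services` is an assumption.

```yaml
# Added example; not taken from the role's repository.
# Constructed values: host group, email address, extra domains, service names.
- name: Issue and maintain Let's Encrypt certificates with acmetool
  hosts: webservers            # hypothetical inventory group
  become: true
  vars:
    # Override the role default with a mailbox you actually read;
    # this is the LE account email.
    acme_notification_email: 'admin@example.com'

    # Assumed format: plain lists of service names.
    # Reload where the service can pick up a new certificate without downtime,
    # restart only where a reload is not enough.
    acme_reload_services:
      - nginx
    acme_restart_services:
      - postfix

    # Domains to enable. Each must be requestable by acmetool
    # from this host, otherwise the request will fail.
    acme_domain_want_list:
      - name: 'www.example.com'
      - name: 'mail.example.com'

    # Domains to disable again; same item format as the want list.
    acme_domain_unwant_list:
      - name: 'old.example.com'

    # Basic version check, recommended by the role.
    submodules_versioncheck: true
  roles:
    - role: l3d.acmetool
```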

Files

  • The response-file.yml.j2 is searched using the first_found_lookup method with this configuration:

    files:
      - "response-file.{{ inventory_hostname }}.yml.j2"
      - 'response-file.yml.j2'
    paths:
      - 'templates/acmetool'
      - "templates/{{ inventory_hostname }}"
      - 'files/acmetool'
      - "files/{{ inventory_hostname }}"
      - 'templates'
    

    This file configures acmetool settings such as certificate type, challenge method, and notification email. Adjust the values to fit your needs.

  • The reload and restart hooks are also located using the first_found_lookup as defined in vars/main.yml.

  • The configurations for acme-reload and acme-restart are deployed based on the acme_reload_services: and acme_restart_services: variables.

Good to Know

  • If you're using Debian Buster, you might want a newer version of acmetool. Check out the do1jlr.acmetool_fix role, which will install a specific version of acmetool on Debian-based systems.
  • To manually add a domain to acmetool, run acmetool want example.com.
  • To manually remove a domain from acmetool, run acmetool unwant example.com.

About the project

Install acmetool, an easy-to-use command line tool for automatically acquiring certificates from ACME servers (e.g. Let's Encrypt)

Install

    ansible-galaxy install l3d.acmetool

License

MIT